General
Target: 25713f2eb1d6852e44abb388f659e1f949ab714d63c002f4044b8ad37ca0ad7b
Size: 542KB
Sample: 241110-b6cwqaxarg
MD5: 862714656b92bb716d401c7e74153667
SHA1: 36b3a2e8c7f2220739bb49f266341eaa877eea41
SHA256: 25713f2eb1d6852e44abb388f659e1f949ab714d63c002f4044b8ad37ca0ad7b
SHA512: e2223bb9feb79dd2e4a5b412ea8c4f5a3843160f505a8ff9d2aa54ac963b46fe3b247d118dd64c6004a99021669d3b448140fe71df1e3f775a6df1f54e9ae869
SSDEEP: 12288:2MrWy90xyq0k3Mvfx5qlQ4RDeBGhHP11yD7vZJ8G7S:oylq0k8fx6Q4QQ11ovQh
Static task: static1
Behavioral task: behavioral1
Sample: 25713f2eb1d6852e44abb388f659e1f949ab714d63c002f4044b8ad37ca0ad7b.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: rumfa
C2: 193.233.20.24:4123
Attributes
auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
Targets
Target: 25713f2eb1d6852e44abb388f659e1f949ab714d63c002f4044b8ad37ca0ad7b
Size: 542KB
Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to those listed under General (same file)
Signatures
Detects Healer, an antivirus disabler dropper
Healer family
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
RedLine family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (T1547): 1
Registry Run Keys / Startup Folder (T1547.001): 1
Create or Modify System Process (T1543): 1
Windows Service (T1543.003): 1
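The report above gives three things a defender can act on immediately: the file hashes, the RedLine C2 endpoint 193.233.20.24:4123 from the extracted config, and the Run-key persistence signature. The following is an added example (not part of the sandbox output, nor code from any RedLine or Healer analysis tooling) that turns those indicators into a small hunting sweep over Sysmon events exported as JSON, one event per line. The Sysmon field names (EventID 1 process create, 3 network connect, 13 registry value set; Hashes, DestinationIp, TargetObject) are real; the host names, PIDs, file paths and the log lines themselves are constructed for the demonstration and are not taken from this sample's run.

```python
"""Hunting sweep built from the indicators in the sandbox report.

Added example. Indicator values come from the report; the log lines below are
CONSTRUCTED to look like Sysmon events exported as JSON and are not real telemetry.
"""
import json
import re

# Indicators copied from the report (hashes lower-cased for comparison).
SAMPLE_HASHES = {
    "MD5": "862714656b92bb716d401c7e74153667",
    "SHA1": "36b3a2e8c7f2220739bb49f266341eaa877eea41",
    "SHA256": "25713f2eb1d6852e44abb388f659e1f949ab714d63c002f4044b8ad37ca0ad7b",
}
C2_IP, C2_PORT = "193.233.20.24", "4123"  # RedLine C2 from the extracted config

# Matches both HKLM/HKCU Run and RunOnce autostart keys ("Adds Run key" signature).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

FULL_CHAIN = ("known_sample_executed", "redline_c2_connection", "run_key_persistence")


def parse_sysmon_hashes(field: str) -> dict:
    """Sysmon writes Hashes as 'MD5=...,SHA256=...,IMPHASH=...' in upper-case hex."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def classify(event: dict) -> list:
    """Return the rule names one event triggers (empty list means no hit)."""
    hits = []
    eid = event.get("EventID")
    if eid == 1:  # process creation: compare every hash Sysmon recorded
        hashes = parse_sysmon_hashes(event.get("Hashes", ""))
        if any(hashes.get(algo) == val for algo, val in SAMPLE_HASHES.items()):
            hits.append("known_sample_executed")
    elif eid == 3:  # network connection: ports may be exported as int or str
        if event.get("DestinationIp") == C2_IP and str(event.get("DestinationPort")) == C2_PORT:
            hits.append("redline_c2_connection")
    elif eid == 13:  # registry value set: generic Run-key write, low confidence alone
        if RUN_KEY_RE.search(event.get("TargetObject", "")):
            hits.append("run_key_persistence")
    return hits


def hunt(lines) -> dict:
    """Parse JSON-per-line events and group (rule, image) hits per host."""
    findings = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # a malformed export line must not abort the sweep
        for rule in classify(event):
            findings.setdefault(event.get("Computer", "?"), []).append((rule, event.get("Image", "")))
    return findings


def hosts_with_full_chain(findings: dict) -> list:
    """Hosts showing execution, C2 contact and Run-key persistence together.

    Correlating all three avoids paging on the Run-key rule alone, which legitimate
    installers also trigger.
    """
    return sorted(h for h, hits in findings.items() if set(FULL_CHAIN) <= {r for r, _ in hits})


# Constructed sample export: WS01 shows the full chain, WS02 only benign traffic.
SAMPLE_LOG = [
    '{"EventID":1,"Computer":"WS01","Image":"C:\\\\Users\\\\u\\\\Downloads\\\\invoice.exe",'
    '"Hashes":"MD5=862714656B92BB716D401C7E74153667,'
    'SHA256=25713F2EB1D6852E44ABB388F659E1F949AB714D63C002F4044B8AD37CA0AD7B"}',
    '{"EventID":3,"Computer":"WS01","Image":"C:\\\\Users\\\\u\\\\AppData\\\\Local\\\\Temp\\\\x.exe",'
    '"DestinationIp":"193.233.20.24","DestinationPort":4123}',
    '{"EventID":13,"Computer":"WS01","Image":"C:\\\\Users\\\\u\\\\AppData\\\\Local\\\\Temp\\\\x.exe",'
    '"TargetObject":"HKU\\\\S-1-5-21-1\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\\\\x"}',
    '{"EventID":3,"Computer":"WS02","Image":"C:\\\\Program Files\\\\Mozilla Firefox\\\\firefox.exe",'
    '"DestinationIp":"93.184.216.34","DestinationPort":443}',
    "not json at all",
]

if __name__ == "__main__":
    results = hunt(SAMPLE_LOG)
    for host, hits in results.items():
        for rule, image in hits:
            print(f"{host}\t{rule}\t{image}")
    print("full chain on:", hosts_with_full_chain(results))
```

The hash comparison normalises case because Sysmon emits upper-case hex while most threat-intel feeds (and this report) use lower-case; the port is compared as a string because JSON exports from different collectors disagree on its type. Swap SAMPLE_LOG for a real per-line export and the three rules plus the chain correlation work unchanged.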